Implementation for an Issue #2891

stamparm · stamparm · commit e2cc9569e531 · 2018-02-13T15:53:50.000+01:00
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1785,8 +1785,8 @@ def _cleanupOptions():
     if conf.col:
         conf.col = re.sub(r"\s*,\s*", ',', conf.col)
 
-    if conf.excludeCol:
-        conf.excludeCol = re.sub(r"\s*,\s*", ',', conf.excludeCol)
+    if conf.exclude:
+        conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude)
 
     if conf.binaryFields:
         conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -139,7 +139,7 @@
                                "db":                "string",
                                "tbl":               "string",
                                "col":               "string",
-                               "excludeCol":        "string",
+                               "exclude":           "string",
                                "pivotColumn":       "string",
                                "dumpWhere":         "string",
                                "user":              "string",
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.2.10"
+VERSION = "1.2.2.11"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -464,8 +464,8 @@ def cmdLineParser(argv=None):
         enumeration.add_option("-C", dest="col",
                                help="DBMS database table column(s) to enumerate")
 
-        enumeration.add_option("-X", dest="excludeCol",
-                               help="DBMS database table column(s) to not enumerate")
+        enumeration.add_option("-X", dest="exclude",
+                               help="DBMS database identifier(s) to not enumerate")
 
         enumeration.add_option("-U", dest="user",
                                help="DBMS user to enumerate")
diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py
@@ -120,8 +120,8 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
         else:
             colList = []
 
-        if conf.excludeCol:
-            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+        if conf.exclude:
+            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
 
         for col in colList:
             colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
@@ -14,6 +14,7 @@
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.common import safeStringFormat
+from lib.core.common import singleTimeLogMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
@@ -94,8 +95,12 @@ def getTables(self):
             for db in dbs:
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     infoMsg = "skipping system database '%s'" % db
-                    logger.info(infoMsg)
+                    singleTimeLogMessage(infoMsg)
+                    continue
 
+                if conf.exclude and db in conf.exclude.split(','):
+                    infoMsg = "skipping database '%s'" % db
+                    singleTimeLogMessage(infoMsg)
                     continue
 
                 for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3):
@@ -113,8 +118,12 @@ def getTables(self):
             for db in dbs:
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     infoMsg = "skipping system database '%s'" % db
-                    logger.info(infoMsg)
+                    singleTimeLogMessage(infoMsg)
+                    continue
 
+                if conf.exclude and db in conf.exclude.split(','):
+                    infoMsg = "skipping database '%s'" % db
+                    singleTimeLogMessage(infoMsg)
                     continue
 
                 infoMsg = "fetching number of tables for "
@@ -199,8 +208,12 @@ def searchTable(self):
 
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     infoMsg = "skipping system database '%s'" % db
-                    logger.info(infoMsg)
+                    singleTimeLogMessage(infoMsg)
+                    continue
 
+                if conf.exclude and db in conf.exclude.split(','):
+                    infoMsg = "skipping database '%s'" % db
+                    singleTimeLogMessage(infoMsg)
                     continue
 
                 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
@@ -271,8 +284,8 @@ def searchColumn(self):
         infoMsgDb = ""
         colList = conf.col.split(',')
 
-        if conf.excludeCol:
-            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+        if conf.exclude:
+            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
 
         origTbl = conf.tbl
         origDb = conf.db
@@ -318,8 +331,7 @@ def searchColumn(self):
                 _ = conf.db.split(',')
                 infoMsgDb = " in database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
             elif conf.excludeSysDbs:
-                msg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
-                logger.info(msg)
+                infoMsgDb = " not in system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
             else:
                 infoMsgDb = " across all databases"
 
@@ -334,6 +346,9 @@ def searchColumn(self):
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     continue
 
+                if conf.exclude and db in conf.exclude.split(','):
+                    continue
+
                 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
                     query = rootQuery.inband.query % (db, db, db, db, db, db)
                     query += " AND %s" % colQuery.replace("[DB]", db)
diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
@@ -188,8 +188,8 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
         else:
             colList = []
 
-        if conf.excludeCol:
-            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+        if conf.exclude:
+            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
 
         for col in colList:
             colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
@@ -23,6 +23,7 @@
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import singleTimeLogMessage
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
@@ -298,7 +299,11 @@ def getTables(self, bruteForce=None):
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db)
                     logger.info(infoMsg)
+                    continue
 
+                if conf.exclude and db in conf.exclude.split(','):
+                    infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db)
+                    singleTimeLogMessage(infoMsg)
                     continue
 
                 infoMsg = "fetching number of tables for "
@@ -410,8 +415,8 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
         else:
             colList = []
 
-        if conf.excludeCol:
-            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+        if conf.exclude:
+            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
 
         for col in colList:
             colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
@@ -22,6 +22,7 @@
 from lib.core.common import prioritySortColumns
 from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import singleTimeLogMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
@@ -68,11 +69,16 @@ def dumpTable(self, foundData=None):
             if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
                 conf.db = conf.db.upper()
 
-            if  ',' in conf.db:
+            if ',' in conf.db:
                 errMsg = "only one database name is allowed when enumerating "
                 errMsg += "the tables' columns"
                 raise SqlmapMissingMandatoryOptionException(errMsg)
 
+            if conf.exclude and conf.db in conf.exclude.split(','):
+                infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
+                singleTimeLogMessage(infoMsg)
+                return
+
         conf.db = safeSQLIdentificatorNaming(conf.db)
 
         if conf.tbl:
@@ -99,6 +105,11 @@ def dumpTable(self, foundData=None):
             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
 
         for tbl in tblList:
+            if conf.exclude and tbl in conf.exclude.split(','):
+                infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
+                singleTimeLogMessage(infoMsg)
+                continue
+
             conf.tbl = tbl
             kb.data.dumpedTable = {}
 
@@ -129,8 +140,8 @@ def dumpTable(self, foundData=None):
                 columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]
                 colList = sorted(filter(None, columns.keys()))
 
-                if conf.excludeCol:
-                    colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+                if conf.exclude:
+                    colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
 
                 if not colList:
                     warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
@@ -465,6 +476,11 @@ def dumpAll(self):
                 conf.db = db
 
                 for table in tables:
+                    if conf.exclude and table in conf.exclude.split(','):
+                        infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
+                        logger.info(infoMsg)
+                        continue
+
                     try:
                         conf.tbl = table
                         kb.data.cachedColumns = {}
@@ -530,8 +546,8 @@ def dumpFoundColumn(self, dbs, foundCols, colConsider):
                 conf.tbl = table
                 colList = filter(None, sorted(columns))
 
-                if conf.excludeCol:
-                    colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+                if conf.exclude:
+                    colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
 
                 conf.col = ','.join(colList)
                 kb.data.cachedColumns = {}
diff --git a/plugins/generic/search.py b/plugins/generic/search.py
@@ -371,8 +371,8 @@ def searchColumn(self):
         infoMsgDb = ""
         colList = conf.col.split(',')
 
-        if conf.excludeCol:
-            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+        if conf.exclude:
+            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
 
         origTbl = conf.tbl
         origDb = conf.db
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -494,8 +494,8 @@ tbl =
 # Back-end database management system database table column(s) to enumerate.
 col = 
 
-# Back-end database management system database table column(s) to not enumerate.
-excludeCol = 
+# Back-end database management system identifiers (database(s), table(s) and column(s)) to not enumerate.
+exclude = 
 
 # Pivot column name.
 pivotColumn =
diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -39,14 +39,14 @@ c8551f7696a76450e6d139409e4f06cd  lib/core/enums.py
 cada93357a7321655927fc9625b3bfec  lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93  lib/core/__init__.py
 458a194764805cd8312c14ecd4be4d1e  lib/core/log.py
-9eed2d4d370f375bda5e0c0488740e7f  lib/core/optiondict.py
-02c846bf9fddbcb75afed72c0d6b9bdc  lib/core/option.py
+63ac6631d75e4f7c20b946a0c06bad33  lib/core/optiondict.py
+785746cab318fe550d98c37296a0a888  lib/core/option.py
 7dadbb9a301d40cc8cd9c7491e99b43d  lib/core/profiling.py
 ffa5f01f39b17c8d73423acca6cfe86a  lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-659fe726d16a8b4557d96d82181ace88  lib/core/settings.py
+5c1731dff66559f45f9f6ab7d85335df  lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413  lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2  lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3  lib/core/target.py
@@ -57,7 +57,7 @@ c40758411bb0bd68764d78e0bb72bd0f  lib/core/unescaper.py
 fc624104ddb36d41794b7a943fde5f21  lib/core/wordlist.py
 1e5532ede194ac9c083891c2f02bca93  lib/__init__.py
 7620f1f4b8791e13c7184c06b5421754  lib/parse/banner.py
-a6912de35b7184e2e8b1fe2510c0c333  lib/parse/cmdline.py
+27c4d3e568d199e01d1cffd37b370516  lib/parse/cmdline.py
 fb2e2f05dde98caeac6ccf3e67192177  lib/parse/configfile.py
 3794ff139869f5ae8e81cfdbe5714f56  lib/parse/handler.py
 263ee1cec41facd2a06d0dc887b207ad  lib/parse/headers.py
@@ -153,14 +153,14 @@ da9dccd1f9ec2cf1e53295125dd983a0  plugins/dbms/informix/filesystem.py
 25f0fb28e9defcab48a2e946fbb7550a  plugins/dbms/informix/takeover.py
 1e5532ede194ac9c083891c2f02bca93  plugins/dbms/__init__.py
 6917f9b045f6188b89e816dea9b46a3f  plugins/dbms/maxdb/connector.py
-b2df2dfaa44659ac02df396fb2174d23  plugins/dbms/maxdb/enumeration.py
+615be11d750530211af244b6ca6aef14  plugins/dbms/maxdb/enumeration.py
 ffd26f64142226d0b1ed1d70f7f294c0  plugins/dbms/maxdb/filesystem.py
 9f9f1c4c4c3150545c4b61d1cffc76a8  plugins/dbms/maxdb/fingerprint.py
 4321d7018f5121343460ebfd83bb69be  plugins/dbms/maxdb/__init__.py
 e7d44671ae26c0bcd5fe8448be070bbd  plugins/dbms/maxdb/syntax.py
 bf7842bb291e2297c3c8d1023eb3e550  plugins/dbms/maxdb/takeover.py
 6439d15c1e8cdb069056c4fa725326df  plugins/dbms/mssqlserver/connector.py
-fdc3cc66d0d35f6ebee0dd625a87f4e9  plugins/dbms/mssqlserver/enumeration.py
+a833fbc30ab1133bc6ba293d97d0ef7c  plugins/dbms/mssqlserver/enumeration.py
 7e495d786fa8e1da96e73e2905bbd7dd  plugins/dbms/mssqlserver/filesystem.py
 03d463c15ebbfa4e49155b261b59db31  plugins/dbms/mssqlserver/fingerprint.py
 affef90b1442285da7e89e46603c502e  plugins/dbms/mssqlserver/__init__.py
@@ -195,22 +195,22 @@ f639120d42b33b6ca67930bddbf2ac1f  plugins/dbms/sqlite/__init__.py
 964e59d2eba619b068b0a15cea28efe0  plugins/dbms/sqlite/syntax.py
 3364b2938d7040c507cd622c323557dc  plugins/dbms/sqlite/takeover.py
 6439d15c1e8cdb069056c4fa725326df  plugins/dbms/sybase/connector.py
-006b647e955d7638687d16e047e9c587  plugins/dbms/sybase/enumeration.py
+31462dc5a1cd2a1b4eba6762d18fb48c  plugins/dbms/sybase/enumeration.py
 74de450dd6d6d006aa9c7eed56e6b09a  plugins/dbms/sybase/filesystem.py
 c8ee0deaa2309e96d9a409ff1524f3ad  plugins/dbms/sybase/fingerprint.py
 a3db8618eed5bb2807b6f77605cba9cc  plugins/dbms/sybase/__init__.py
 36acb9a5966af21b32e8558b0d50653d  plugins/dbms/sybase/syntax.py
 79f6c7017db4ded8f74a0117188836ff  plugins/dbms/sybase/takeover.py
 34d181a7086d6dfc7e72ae5f8a4cfe0f  plugins/generic/connector.py
 e6cd1c5a5244d83396b401f7db43d323  plugins/generic/custom.py
-315a3ced9667065b24de040af296037a  plugins/generic/databases.py
-b1bd764e8f417222ebb1890232290679  plugins/generic/entries.py
+554f925e0a66f62b8ba39dd6c95d1e7f  plugins/generic/databases.py
+764a8fd5a99224910885c6b94a592170  plugins/generic/entries.py
 d82f2c78c1d4d7c6487e94fd3a68a908  plugins/generic/enumeration.py
 ea0f3b9085061b272bfd98c13ad2d977  plugins/generic/filesystem.py
 f5d5419efddfe04648ea5e953c650793  plugins/generic/fingerprint.py
 1e5532ede194ac9c083891c2f02bca93  plugins/generic/__init__.py
 f7874230e5661910d5fd21544c7d1022  plugins/generic/misc.py
-8995e814cb8e854bd77534f687535014  plugins/generic/search.py
+b1d2a7f3170f9b69e71335aa47f9b08b  plugins/generic/search.py
 a70cc0ada4b0cc9e7df23cb6d48a4a0c  plugins/generic/syntax.py
 e522c294676ede15bee751107e9bb449  plugins/generic/takeover.py
 4419b13a4b78d7e9e4a2632302344a1a  plugins/generic/users.py
